Possible to see actual passwords used?
I don't think this is possible, but maybe it is. Is it possible to see what passwords these Chinese "hackers" are trying to use to get into my system via SSH? All I am getting is:
Code:
Aug 12 05:08:58 localhost sshd[4721]: Failed password for root from 61.174.51.213 port 8112 ssh2
Tark
You need to ban that IP at the router immediately. If you don't need China to access your DC, then a quick read here will help:
http://www.wizcrafts.net/chinese-blocklist.html
No, you cannot view the password they are using.
I have the IPs blocked. Is it not even possible to see the hashes that they are trying to use?
*Note: care should be taken when attempting this; IMHO exposing an inert honeypot in a DMZ would be the relatively best option isolation-wise.
Fail2ban is great for many services, and denyhosts is great for SSH. But those are for dynamic attacks... attacks from many endpoints in many countries that aren't able to be 'grouped' together easily. China, on the other hand, is easy to group together (IP-wise) and statically block at the router level if you have no reason to accept Chinese traffic (example: you run a muffin store in Ohio). I think it's better to stop malicious traffic at the edge, IF you can, than allow it into the network. A mixture of both processes would be best... if you are going to expose SSH to the world. Get rid of traffic at the router that you know 100% you don't need, and use fail2ban or denyhosts to further secure your world-facing services.
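
Added example, not part of any post in this thread: sshd's "Failed password" line carries only the user name, source address and port, so the attempted password is never in the log. The Python below tallies such lines per source address, similar in spirit to the counting that fail2ban or denyhosts rely on; the function names, the threshold and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# sshd "Failed password" lines, including the "invalid user" variant that
# OpenSSH logs for unknown accounts. The user name is remote-supplied text,
# so the address is taken from the end of the line, which sshd writes itself.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*)"
    r" from (?P<ip>\S+) port \d+(?: ssh\d?)?\s*$"
)

# First line is the one quoted in the thread; the rest are constructed.
SAMPLE_LOG = """\
Aug 12 05:08:58 localhost sshd[4721]: Failed password for root from 61.174.51.213 port 8112 ssh2
Aug 12 05:09:01 localhost sshd[4721]: Failed password for root from 61.174.51.213 port 8112 ssh2
Aug 12 05:09:04 localhost sshd[4723]: Failed password for invalid user admin from 61.174.51.213 port 8140 ssh2
Aug 12 05:10:11 localhost sshd[4730]: Failed password for invalid user test from 203.0.113.7 port 40112 ssh2
Aug 12 05:12:30 localhost sshd[4741]: Accepted password for alice from 192.0.2.10 port 51514 ssh2
Aug 12 05:12:30 localhost sshd[4741]: pam_unix(sshd:session): session opened for user alice by (uid=0)
"""


def failed_attempts(log_text):
    """Yield (user, ip) for every failed sshd password attempt in the log."""
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if match:
            yield match.group("user"), match.group("ip")


def summarize(log_text, threshold=3):
    """Return sources with at least `threshold` failures, busiest first."""
    per_ip = Counter()
    users = defaultdict(set)
    for user, ip in failed_attempts(log_text):
        per_ip[ip] += 1
        users[ip].add(user)
    return {
        ip: {"failures": count, "users": sorted(users[ip])}
        for ip, count in per_ip.most_common()
        if count >= threshold
    }


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info["failures"], ",".join(info["users"]))
```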